155 matches found
CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/cmdstat.jsp via the uploadFile attribute...
CVE-2019-19838
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/cmdstat.jsp via the uploadFile attribute...
CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/cmdstat.jsp via the uploadFile attribute...
Command injection
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/cmdstat.jsp via the uploadFile attribute...
Command injection
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/cmdstat.jsp via the uploadFile attribute...
CVE-2019-19839
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/cmdstat.jsp via the uploadFile attribute...
CVE-2019-19839
CVE-2019-19839 affects Ruckus Wireless Unleashed emfd; a remote attacker can execute OS commands by sending a POST to admin/_cmdstat.jsp with xcmd=import-category via the uploadFile attribute. Root cause is improper handling of the xcmd=import-category parameter in emfd, enabling command executio...
CVE-2019-19838
CVE-2019-19838 affects Ruckus Wireless Unleashed firmware (emfd) up to and including 200.7.10.102.64. The issue allows remote command execution when an attacker crafts a POST to admin/_cmdstat.jsp with the uploadFile attribute and the xcmd=get-platform-depends parameter, triggering OS commands on...
CVE-2019-19837
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests...
CVE-2019-19835
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...
Information disclosure
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests...
Server side request forgery (ssrf)
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...
CVE-2019-19835
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...
CVE-2019-19835
The CVE-2019-19835 entry describes an SSRF vulnerability in AjaxRestrictedCmdStat (zap) affecting Ruckus Wireless Unleashed through 200.7.10.102.64, enabling a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. Affected product scope is Ruckus Unleashed firmware; ex...
CVE-2019-19837
CVE-2019-19837 affects Ruckus Wireless Unleashed firmware up to 200.7.10.102.64. Affected component: the web interface. Root cause: incorrect access control in the web interface, which permits remote disclosure of the bin/web.conf file via HTTP requests. Impact: information disclosure of configur...
CVE-2019-19842
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/cmdstat.jsp via the mac attribute...
CVE-2019-19841
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/cmdstat.jsp via the mac attribute...
CVE-2019-19842
emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/cmdstat.jsp via the mac attribute...
CVE-2019-19840
A stack-based buffer overflow in zapparseargs in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request...
CVE-2019-19840
A stack-based buffer overflow in zapparseargs in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request...